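# 2025-12-05 11:50:43 by RouterOS 7.20.5
# software id = HSR5-2Z4K
#
# model = RB4011iGS+
# serial number = D4440C82B0CE
#
# Purpose: full configuration export of the head-office router (identity
# SEDE-4011). It terminates the VLANs carried on sfp-sfpplus1, serves DHCP for
# the office/NOC/IoT/hotspot networks, NATs them behind two public loopback
# addresses, terminates L2TP/IPsec remote access and runs a backup script.
#
# Lines starting with "# REVIEW:" are reviewer notes. The only configuration
# change made by this review is the NTP server address near the end of the
# file; every other statement is unchanged and only re-broken onto one
# statement per line as a RouterOS export normally prints it.
#
# REVIEW: this export contains a plaintext SFTP password (backupSFTP script)
# and the SNMP community name. Treat both as disclosed: rotate them and keep
# future exports out of shared locations.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-PoEIN
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether10 ] name=ether10-PoE-Out poe-out=off
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\
    "Sede x DataCom"
/interface vlan
add interface=sfp-sfpplus1 name=vlanif_13 vlan-id=13
add interface=sfp-sfpplus1 name=vlanif_24 vlan-id=24
add interface=sfp-sfpplus1 name=vlanif_26 vlan-id=26
add interface=sfp-sfpplus1 name=vlanif_69 vlan-id=69
add interface=sfp-sfpplus1 name=vlanif_70 vlan-id=70
add interface=sfp-sfpplus1 name=vlanif_71 vlan-id=71
add interface=sfp-sfpplus1 name=vlanif_72 vlan-id=72
add interface=sfp-sfpplus1 name=vlanif_124 vlan-id=124
add comment=uplink-vs01-IPv6 interface=sfp-sfpplus1 name=vlanif_199 vlan-id=\
    199
add comment=uplink-vs02-IPv4 interface=sfp-sfpplus1 name=vlanif_299 vlan-id=\
    299
# REVIEW: the WAN and LAN lists are declared but no "/interface list member"
# section appears in this export, so both lists look empty. Anything keyed on
# them (mac-server, mac-winbox below) therefore matches no interface. Confirm
# this is intended before relying on the lists in firewall rules.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=069_SEDE_ADM ranges=192.168.0.50-192.168.0.220
add name=070_pool_TI_NOC ranges=192.168.70.50-192.168.70.100
add name=071_REDE_CELULARES ranges=192.168.71.50-192.168.71.200
add name=013-iOT-30-99 ranges=10.0.13.30-10.0.13.99
add name=013-iOT-150-199 ranges=10.0.13.150-10.0.13.199
add name=072-Hotspot-Unifi ranges=192.168.72.50-192.168.72.200
# REVIEW: VLAN 71 is inconsistent. Its pool and DHCP network use
# 192.168.71.0/24 (gateway 192.168.71.2), but the interface address and the
# firewall entries use 192.168.100.0/24. The DHCP server is disabled, so this
# is latent, but align the two before re-enabling it.
/ip dhcp-server
add address-pool=069_SEDE_ADM interface=vlanif_69 lease-time=1w name=\
    069_SEDE_FIX
add address-pool=070_pool_TI_NOC interface=vlanif_70 lease-time=1w name=\
    070_DHCP_TI_NOC
add address-pool=071_REDE_CELULARES disabled=yes interface=vlanif_71 \
    lease-time=8h name=071_DHCP_SEDE_OUTROS
add add-arp=yes address-pool=013-iOT-30-99 interface=vlanif_13 lease-time=8h \
    name=013-iOT
add add-arp=yes address-pool=072-Hotspot-Unifi interface=vlanif_72 \
    lease-time=2h name=072-DHCP-HOTSPOT
/ipv6 pool
add name=v6_pool_LAN prefix=2804:47e4:8c0:3000::/52 prefix-length=64
add name=v6_pool_LAN_NOC prefix=2804:47e4:8c0:1000::/52 prefix-length=64
add name=v6_pool_LAN_CELULARES prefix=2804:47e4:8c0:2000::/52 prefix-length=\
    64
add name=v6_pool_013_iot prefix=2804:47e4:8c0:4000::/52 prefix-length=64
/port
set 0 name=serial0
set 1 name=serial1
# REVIEW: both PPP profiles hand out addresses from the same pools the DHCP
# servers use on VLAN 69/70 (069_SEDE_ADM, 070_pool_TI_NOC). A VPN user without
# a fixed remote-address (e.g. secret "diego") can be given an address that a
# DHCP client also holds. A dedicated VPN pool avoids the conflict and makes
# VPN traffic distinguishable in firewall rules and logs.
/ppp profile
add change-tcp-mss=no local-address=192.168.70.2 name=L2TP_NOC \
    remote-address=070_pool_TI_NOC remote-ipv6-prefix-pool=v6_pool_LAN_NOC \
    use-compression=no use-encryption=yes use-mpls=no use-upnp=no
add change-tcp-mss=no local-address=192.168.0.2 name=L2TP rate-limit=\
    15MB/15MB remote-address=069_SEDE_ADM remote-ipv6-prefix-pool=v6_pool_LAN \
    use-compression=no use-encryption=yes use-mpls=no use-upnp=no
# REVIEW: SNMP is enabled further down with trap-version=2, i.e. the community
# string is the only credential and travels in cleartext. No addresses=
# restriction is shown for the community, and the IPv4 firewall has no input
# chain, so the agent answers on every address of the router, including the
# public loopbacks. Restrict the community with addresses= to the monitoring
# hosts, filter UDP/161 on input, and prefer SNMPv3 with authentication.
/snmp community
set [ find default=yes ] name=ctcorp-lan
# REVIEW: the remote syslog action "Gray" is defined, but this export contains
# no "/system logging" rule that sends any topic to it. As exported, nothing
# appears to be forwarded to 10.0.24.69; add topic rules if central logging of
# logins and configuration changes is expected.
/system logging action
add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\
    10.0.24.23 target=remote
# REVIEW: auto-media-sharing and auto-smb-sharing are on, so any storage
# attached to the router is shared automatically. "*D" is a dangling reference
# to an interface that no longer exists. Turn both off unless file sharing from
# the router is a requirement.
/disk settings
set auto-media-interface=*D auto-media-sharing=yes auto-smb-sharing=yes
/ip firewall connection tracking
set enabled=yes tcp-established-timeout=12h udp-timeout=10s
# REVIEW: neighbor discovery runs on every non-dynamic interface, which
# includes the uplink VLANs 199/299 and the hotspot VLAN 72. It announces
# model, version and identity; limit it to a management interface list.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# use-ipsec=required is the right setting: plain L2TP without IPsec is refused.
/interface l2tp-server server
set allow-fast-path=yes default-profile=L2TP enabled=yes keepalive-timeout=\
    disabled max-mru=1500 max-mtu=1500 use-ipsec=required
/ip address
add address=10.0.24.23/24 interface=vlanif_24 network=10.0.24.0
add address=192.168.0.2/24 interface=vlanif_69 network=192.168.0.0
add address=10.0.13.23/24 interface=vlanif_13 network=10.0.13.0
add address=172.31.32.22/30 comment="Enlace B2" interface=vlanif_299 network=\
    172.31.32.20
add address=172.31.31.22/30 comment="Enlace B1" interface=vlanif_199 network=\
    172.31.31.20
add address=10.1.24.23/24 interface=vlanif_124 network=10.1.24.0
add address=192.168.70.2/24 interface=vlanif_70 network=192.168.70.0
add address=192.168.100.2/24 interface=vlanif_71 network=192.168.100.0
add address=45.228.244.4 interface=lo network=45.228.244.4
add address=45.228.246.4 interface=lo network=45.228.246.4
add address=10.0.26.23/24 interface=vlanif_26 network=10.0.26.0
add address=192.168.72.2/24 comment="GATEWAY HOTSPOT UNFI" interface=\
    vlanif_72 network=192.168.72.0
# REVIEW: the next two entries point at interfaces that were deleted (*1C,
# *1D) and carry the same address. They are inert leftovers; 10.0.70.0/30 is
# nevertheless still trusted through the Allow_sede address list. Remove the
# addresses and the list entry together.
add address=10.0.70.1/30 comment=fiore-teste interface=*1C network=10.0.70.0
add address=10.0.70.1/30 interface=*1D network=10.0.70.0
/ip arp
add address=10.0.13.95 comment=P2-SensorDeFase-Preta interface=vlanif_13 \
    mac-address=18:DE:50:A4:6A:F6
add address=192.168.0.78 interface=vlanif_69 mac-address=98:E5:5B:1F:D5:C4
/ip cloud
set update-time=no
/ip dhcp-client
# Interface not active
add comment=defconf interface=ether1-PoEIN
# REVIEW: several leases use placeholder MACs (00:00:00:00:00:xx). They only
# reserve the address; they do not bind it to a device. Many of those addresses
# are also members of Allow_sede, which grants access from VLAN 69 to VLAN 70.
# Because VLAN 69 does not use add-arp, any host that configures one of these
# addresses statically inherits that access. Bind trusted addresses to real
# MACs or move the trust decision off source IP.
/ip dhcp-server lease
add address=192.168.0.5 client-id=1:44:3b:32:52:67:5 comment=DVR mac-address=\
    44:3B:32:52:67:05 server=069_SEDE_FIX
add address=192.168.0.7 client-id=1:dc:a6:32:99:e5:ac comment="TV NOC" \
    mac-address=DC:A6:32:99:E5:AC server=069_SEDE_FIX
add address=192.168.0.9 client-id=1:c:96:e6:22:6a:9c comment="impressroa hp" \
    mac-address=0C:96:E6:22:6A:9C server=069_SEDE_FIX
add address=192.168.0.12 comment="Impressora XEROX" mac-address=\
    9C:93:4E:6D:39:E1 server=069_SEDE_FIX
add address=192.168.0.24 client-id=1:0:c:29:a8:3d:34 comment=\
    "Servidor microsfot" mac-address=00:0C:29:A8:3D:34 server=069_SEDE_FIX
add address=192.168.0.41 client-id=1:24:52:6a:45:7:1 comment="NVR da SEDE" \
    mac-address=24:52:6A:45:07:01 server=069_SEDE_FIX
add address=192.168.0.20 comment="#SW_2_andar - AP refeitorio" mac-address=\
    00:00:00:00:00:20 server=069_SEDE_FIX
add address=192.168.0.105 client-id=1:44:3b:32:86:2d:7e comment=\
    "CAMERA ESTOQUE" mac-address=44:3B:32:86:2D:7E server=069_SEDE_FIX
add address=192.168.0.97 client-id=1:b2:68:a6:2d:65:d5 mac-address=\
    B2:68:A6:2D:65:D5 server=069_SEDE_FIX
add address=192.168.0.194 client-id=1:0:26:8b:a:92:ea comment=\
    "TELEFONE IP CAROL" mac-address=00:26:8B:0A:92:EA server=069_SEDE_FIX
add address=192.168.0.6 comment="TARCILA - LDAP FS" mac-address=\
    00:50:56:80:31:63 server=069_SEDE_FIX
add address=192.168.0.8 comment="PrintServer - OpenAudit" mac-address=\
    00:00:00:00:00:03 server=069_SEDE_FIX
add address=192.168.0.11 comment="Impressora RICOH" mac-address=\
    00:26:73:8D:9E:F3 server=069_SEDE_FIX
add address=192.168.0.17 comment="Nextcloud - FIX" mac-address=\
    00:00:00:00:00:17 server=069_SEDE_FIX
add address=192.168.0.16 comment="REBECA - WIKI" mac-address=\
    00:00:00:00:00:16 server=069_SEDE_FIX
add address=192.168.0.10 comment="Impressora RICOH" mac-address=\
    00:00:00:00:00:10 server=069_SEDE_FIX
add address=192.168.0.99 client-id=1:d8:36:5f:40:5:4f comment="CAMERA PIA" \
    mac-address=D8:36:5F:40:05:4F server=069_SEDE_FIX
add address=192.168.0.163 comment="### ALAMR INTEBRAS" mac-address=\
    48:51:CF:DE:5E:11 server=069_SEDE_FIX
add address=192.168.0.50 client-id=1:bc:32:5f:f4:f6:82 mac-address=\
    BC:32:5F:F4:F6:82 server=069_SEDE_FIX
add address=192.168.70.99 client-id=1:84:7b:57:e7:91:77 mac-address=\
    84:7B:57:E7:91:77 server=070_DHCP_TI_NOC
add address=192.168.0.73 client-id=1:74:e5:f9:94:97:15 mac-address=\
    74:E5:F9:94:97:15 server=069_SEDE_FIX
add address=192.168.0.202 client-id=1:7c:5c:f8:24:6f:fd mac-address=\
    7C:5C:F8:24:6F:FD server=069_SEDE_FIX
add address=192.168.0.140 client-id=1:5c:cd:5b:d9:cc:b3 mac-address=\
    5C:CD:5B:D9:CC:B3 server=069_SEDE_FIX
add address=10.0.13.181 client-id=1:dc:a6:32:99:e5:ac comment=\
    "SEDE - Raspberry Pi" mac-address=DC:A6:32:99:E5:AC server=013-iOT
add address=192.168.0.61 client-id=1:74:e5:f9:3c:38:40 mac-address=\
    74:E5:F9:3C:38:40 server=069_SEDE_FIX
add address=10.0.13.32 comment="SEDE - Sensor de temperatura" mac-address=\
    FC:F5:C4:AB:4C:8A server=013-iOT
add address=10.0.13.39 comment="P4 - Ar condcionado" mac-address=\
    1C:39:29:24:FC:BB server=013-iOT
add address=10.0.13.40 comment="P2 - Ar condcionado" mac-address=\
    1C:39:29:03:FB:B4 server=013-iOT
add address=10.0.13.49 comment="SEDE - AR - Atendimento2" mac-address=\
    1C:39:29:7F:A3:1A server=013-iOT
add address=10.0.13.50 comment="SEDE - AR - Atendimento1" mac-address=\
    1C:39:29:7E:E2:53 server=013-iOT
add address=192.168.0.13 comment=CASAOS mac-address=00:00:00:00:00:13 server=\
    069_SEDE_FIX
add address=10.0.13.96 comment=P1-F.VERMELHA mac-address=18:DE:50:38:BC:8E \
    server=013-iOT
add address=10.0.13.93 comment="SEDE - IR-AC-ADM" mac-address=\
    1C:90:FF:8E:95:83 server=013-iOT
add address=10.0.13.44 comment="P1 - Ar condcionado" mac-address=\
    1C:39:29:15:78:F3 server=013-iOT
add address=10.0.13.57 comment="P4 - Ar condcionado 2" mac-address=\
    1C:39:29:BD:44:49 server=013-iOT
add address=10.0.13.94 comment=P4-ALARME mac-address=44:3B:32:5A:CD:AC \
    server=013-iOT
add address=10.0.13.51 comment=P4-F.VERMELHA mac-address=18:DE:50:AF:BF:85 \
    server=013-iOT
add address=192.168.0.134 client-id=1:84:7b:57:e7:91:27 mac-address=\
    84:7B:57:E7:91:27 server=069_SEDE_FIX
add address=10.0.13.35 comment=P3-F.VERMELHA mac-address=18:DE:50:A4:6E:9E \
    server=013-iOT
add address=192.168.0.18 comment="NC container - PROXY" mac-address=\
    00:00:00:00:00:18 server=069_SEDE_FIX
add address=10.0.13.97 comment=P2-F.VERMELHA mac-address=18:DE:50:AF:BE:27 \
    server=013-iOT
add address=10.0.13.95 comment=P2-F.PRETA mac-address=18:DE:50:A4:6A:F6 \
    server=013-iOT
add address=10.0.13.99 comment=P2-ALARME mac-address=30:E1:F1:A3:18:D9 \
    server=013-iOT
add address=10.0.13.45 comment=P4-SONOFF mac-address=18:DE:50:A6:94:67 \
    server=013-iOT
add address=10.0.13.36 comment=P3-F.PRETA mac-address=18:DE:50:A4:76:95 \
    server=013-iOT
add address=10.0.13.56 comment=P4-F.PRETA mac-address=18:DE:50:A4:64:A7 \
    server=013-iOT
add address=10.0.13.53 comment=P1-F.PRETA mac-address=18:DE:50:0A:CC:20 \
    server=013-iOT
add address=10.0.13.54 comment=P1-PRETA-SABESP mac-address=18:DE:50:38:C1:44 \
    server=013-iOT
add address=10.0.13.55 comment=P1-VERMELHA-SABESP mac-address=\
    18:DE:50:38:C7:AF server=013-iOT
add address=10.0.13.52 comment=SEDE-FECHADURA-ESTOQUE mac-address=\
    D8:1F:12:39:DE:F3 server=013-iOT
add address=10.0.13.41 comment=P4-TEMP-RACK mac-address=50:8B:B9:5E:39:84 \
    server=013-iOT
add address=10.0.13.42 comment=P4-TEMP-GERADOR mac-address=1C:90:FF:F0:B7:E6 \
    server=013-iOT
add address=10.0.13.58 comment=P1-TEMP-RACK mac-address=A8:80:55:18:AC:13 \
    server=013-iOT
add address=10.0.13.34 comment=P4-TEMP_BATERIA mac-address=50:8B:B9:30:B6:26 \
    server=013-iOT
add address=10.0.13.59 comment=P3-DETEC-FUMACA mac-address=1C:90:FF:B1:69:62 \
    server=013-iOT
add address=10.0.13.31 client-id=1:f4:ce:23:a4:c1:58 comment=P3-TEMP-BATERIA \
    mac-address=50:8B:B9:2D:C4:C3 server=013-iOT
add address=10.0.13.30 comment=P4-DETC_FUMACA mac-address=18:DE:50:C4:B7:E7 \
    server=013-iOT
add address=10.0.13.48 client-id=1:46:ee:40:4f:14:91 comment=SEDE_CELULAR-TI \
    mac-address=46:EE:40:4F:14:91 server=013-iOT
add address=10.0.13.33 comment=P3-TEMP_RACK mac-address=50:8B:B9:5E:1A:59 \
    server=013-iOT
add address=10.0.13.62 comment=P2-DETEC_FUMACA mac-address=18:DE:50:C4:BF:D2 \
    server=013-iOT
add address=10.0.13.174 comment=P2-TEMP_RACK mac-address=A8:80:55:1D:90:0A \
    server=013-iOT
add address=10.0.13.175 comment=P2-TEMP_PORTA mac-address=A8:80:55:1B:67:1B \
    server=013-iOT
add address=10.0.13.68 mac-address=FC:3C:D7:DD:B3:5D server=013-iOT
add address=192.168.0.19 comment="SW estoque" mac-address=00:00:00:00:00:19 \
    server=069_SEDE_FIX
add address=192.168.0.21 comment="teste IA" mac-address=00:00:00:00:00:21 \
    server=069_SEDE_FIX
add address=10.0.13.78 comment=P3-AC-LG-22Btu mac-address=34:E6:E6:57:1D:DC \
    server=013-iOT
add address=10.0.13.69 mac-address=D8:C8:0C:02:B7:3C server=013-iOT
add address=10.0.13.70 mac-address=D8:C8:0C:02:B4:B5 server=013-iOT
add address=192.168.0.78 client-id=1:98:e5:5b:1f:d5:c4 mac-address=\
    98:E5:5B:1F:D5:C4 server=069_SEDE_FIX
add address=192.168.0.53 client-id=1:b8:27:eb:7c:fd:82 mac-address=\
    B8:27:EB:7C:FD:82 server=069_SEDE_FIX
add address=192.168.0.110 client-id=1:0:21:b7:b3:3c:4 mac-address=\
    00:21:B7:B3:3C:04 server=069_SEDE_FIX
/ip dhcp-server network
add address=10.0.13.0/24 dns-server=45.228.246.122,45.228.244.121 domain=\
    fixfibra.br gateway=10.0.13.23
add address=192.168.0.0/24 comment="DNS - sede 192.168.0.6" dns-server=\
    192.168.0.6 domain=fixfibra.br gateway=192.168.0.2
add address=192.168.70.0/24 dns-server=192.168.0.6 domain=fixfibra.br \
    gateway=192.168.70.2
add address=192.168.71.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\
    fixfibra.guest gateway=192.168.71.2
add address=192.168.72.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\
    fixfibra.guest gateway=192.168.72.2
/ip dns
set cache-max-ttl=1d servers=192.168.0.6,2804:47e4:1::120,2804:47e4:8002::124
# REVIEW: Allow_sede has grown to dozens of single-host entries without
# comments, plus whole networks (192.168.80.0/24, 10.0.70.0/30) that no
# interface in this export serves. Each entry is a standing exception to the
# VLAN 69 -> VLAN 70 block; add an owner/purpose comment per entry and prune
# the ones that cannot be justified.
# REVIEW: AL_SAIDA_RFC_4193 actually holds the RFC 1918 IPv4 private ranges
# (RFC 4193 is the IPv6 unique-local range); the name is misleading but the
# content matches how the src-nat rules use it.
/ip firewall address-list
add address=192.168.0.6 list=Allow_sede
add address=192.168.0.24 list=Allow_sede
add address=192.168.0.7 list=Allow_sede
add address=192.168.70.0/24 list=AL_CELULARES-DROP
add address=10.0.0.0/8 list=AL_CELULARES-DROP
add address=192.168.0.0/24 list=AL_CELULARES-DROP
add address=192.168.70.0/24 list=AL_SEDE-DROP
add address=10.0.0.0/8 list=AL_SEDE-DROP
add address=192.168.0.15 list=Allow_sede
add address=10.0.24.10 list=AL-ACP-FERNANDA-OLT
add address=10.0.24.12 list=AL-ACP-FERNANDA-OLT
add address=10.0.24.13 list=AL-ACP-FERNANDA-OLT
add address=10.0.24.14 list=AL-ACP-FERNANDA-OLT
add address=10.0.0.0/8 list=AL_SAIDA_RFC_4193
add address=192.168.0.0/16 list=AL_SAIDA_RFC_4193
add address=172.16.0.0/12 list=AL_SAIDA_RFC_4193
add address=10.0.24.0/24 list=AL_GERENCIA_TI-NOC
add address=10.1.24.0/24 list=AL_GERENCIA_TI-NOC
add address=192.168.0.47 list=Allow_sede
add address=192.168.0.46 list=Allow_sede
add address=192.168.0.45 list=Allow_sede
add address=192.168.0.20 list=Allow_sede
add address=192.168.0.16 list=Allow_sede
add address=192.168.0.11 list=Allow_sede
add address=192.168.0.12 list=Allow_sede
add address=192.168.0.13 list=Allow_sede
add address=192.168.0.202 comment=NOTE-DAVI list=Allow-RASP
add address=192.168.0.140 comment=NOTE-LEO list=Allow-RASP
add address=192.168.0.73 comment=NOTE-GILMAR list=Allow-RASP
add address=192.168.0.95 list=Allow_sede
add address=192.168.0.17 list=Allow_sede
add address=10.0.24.11 list=AL-ACP-FERNANDA-OLT
add address=192.168.0.5 list=Allow_sede
add address=192.168.0.206 list=Allow_sede
add address=192.168.100.0/24 list=AL-ALLOW-71-unifi
add address=192.168.0.250 list=Allow_sede
add address=192.168.0.22 list=Allow_sede
add address=192.168.0.35 list=Allow_sede
add address=192.168.0.34 list=Allow_sede
add address=192.168.0.21 list=Allow_sede
add address=192.168.0.30 list=Allow_sede
add address=192.168.0.32 list=Allow_sede
add address=192.168.0.31 list=Allow_sede
add address=192.168.0.19 list=Allow_sede
add address=192.168.0.18 list=Allow_sede
add address=192.168.0.36 list=Allow_sede
add address=192.168.0.14 list=Allow_sede
add address=192.168.0.37 list=Allow_sede
add address=192.168.0.40 list=Allow_sede
add address=10.25.0.0/18 list=AL_GERENCIA_TI-NOC
add address=192.168.0.8 list=Allow_sede
add address=192.168.0.9 list=Allow_sede
add address=192.168.0.85 list=Allow_sede
add address=10.0.26.0/24 list=AL_GERENCIA_TI-NOC
add address=192.168.0.50 list=Allow_sede
add address=192.168.0.108 list=Allow_sede
add address=192.168.0.27 list=Allow_sede
add address=192.168.0.54 list=Allow_sede
add address=191.9.20.40 list=CASA-ANDRE
add address=172.20.0.0/22 list=AL_GERENCIA_TI-NOC
add address=172.20.8.0/22 list=AL_GERENCIA_TI-NOC
add address=192.168.0.41 list=Allow_sede
add address=192.168.0.25 list=Allow_sede
add address=192.168.0.39 list=Allow_sede
add address=192.168.0.53 list=Allow_sede
add address=192.168.80.0/24 list=Allow_sede
add address=10.0.13.0/24 list=AL_GERENCIA_TI-NOC
add address=192.168.0.78 list=Allow_sede
add address=192.168.0.26 list=Allow_sede
add address=192.168.0.2 list=Allow_sede
add address=10.0.70.0/30 list=Allow_sede
add address=192.168.0.110 list=Allow_sede
# REVIEW: this is the entire IPv4 filter table: two forward rules that accept
# established/related traffic and nothing else. There is no input chain and no
# final drop, so the default accept policy applies to
#   - every service the router itself runs (SNMP, L2TP/IPsec, RADIUS incoming,
#     RoMON, NTP), on every address including the public loopbacks, and
#   - every new forwarded connection that the raw table does not drop.
# Only WinBox and SSH are narrowed, through "/ip service address=". Add an
# input chain (accept established/related, accept management sources, accept
# the VPN ports, drop the rest) and a forward policy that drops invalid and
# unsolicited inbound traffic. Stage it with Safe Mode to avoid a lock-out.
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
# REVIEW: the dst-nat rules publish internal hosts on 45.228.244.4 with no
# source restriction. Nextcloud on 80/443 is presumably meant to be public.
# "GERADOR POP 1" forwards TCP/1351 to 10.0.13.103 in the IoT VLAN, i.e. a
# generator controller is reachable from any source; limit it with
# src-address-list or reach it over the VPN instead.
# REVIEW: both "NAT TALK" rules translate port 5349 to port 443 (the UDP rule
# to UDP/443). Confirm the service on 192.168.0.17 really listens there.
/ip firewall nat
add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\
    45.228.244.4 dst-port=443 protocol=tcp to-addresses=192.168.0.17 \
    to-ports=443
add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \
    dst-address=45.228.244.4 dst-port=5349 protocol=tcp to-addresses=\
    192.168.0.17 to-ports=443
add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \
    dst-address=45.228.244.4 dst-port=5349 protocol=udp to-addresses=\
    192.168.0.17 to-ports=443
add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\
    45.228.244.4 dst-port=80 protocol=tcp to-addresses=192.168.0.17 to-ports=\
    80
add action=dst-nat chain=dstnat comment="## NAT - GERADOR POP 1" dst-address=\
    45.228.244.4 dst-port=1351 protocol=tcp to-addresses=10.0.13.103 \
    to-ports=1351
add action=src-nat chain=srcnat comment="## NAT PARA APP MAPEAMENTO DE PORTA" \
    dst-address-list=AL-ACP-FERNANDA-OLT src-address=192.168.0.15 \
    to-addresses=10.0.24.23
add action=src-nat chain=srcnat comment="## NAT WAN - IOT NAT 246.4" \
    dst-address-list=!AL_SAIDA_RFC_4193 src-address=10.0.13.0/24 \
    to-addresses=45.228.246.4
add action=src-nat chain=srcnat comment="## NAT WAN - SEDE 69" \
    dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.0.0/24 \
    to-addresses=45.228.244.4
add action=src-nat chain=srcnat comment="## NAT WAN - NOC 70" \
    dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.70.0/24 \
    to-addresses=45.228.244.4
add action=src-nat chain=srcnat comment="## NAT WAN - HOTSPOT 72" \
    dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.72.0/24 \
    to-addresses=45.228.244.4
add action=src-nat chain=srcnat comment="## NAT - vlan 24 X TI-NOC" \
    dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \
    to-addresses=10.0.24.23
add action=src-nat chain=srcnat comment="## NAT - vlan 124 X TI-NOC" \
    dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \
    to-addresses=10.1.24.23
add action=src-nat chain=srcnat comment="## NAT WAN - UPDATE" disabled=yes \
    dst-address-list=!AL_SAIDA_RFC_4193 to-addresses=45.228.244.4
# REVIEW: segmentation is done only here, in raw prerouting, by source prefix.
# Rules are evaluated top to bottom; an accept ends raw processing.
#   - The VLAN 70 accept matches any packet that claims a 192.168.70.0/24
#     source on any interface. L2TP_NOC users also receive 192.168.70.x, so
#     every NOC VPN account has unrestricted reach into all networks.
#   - The VLAN 71 block is disabled; nothing else in this export limits
#     192.168.100.0/24.
#   - No rule limits the IoT VLAN (10.0.13.0/24); it can open connections to
#     the management ranges in 10.0.0.0/8.
#   - The VLAN 72 (hotspot) block does not cover the router's own address
#     192.168.72.2, and "/ip service" allows WinBox and SSH from
#     192.168.0.0/16, so hotspot clients can reach the router's login services.
# Tie each rule to in-interface as well as source prefix, and add explicit
# blocks for the IoT and guest networks towards management.
/ip firewall raw
add action=accept chain=prerouting comment=\
    "## Regra para portal de mapeamento" dst-address-list=AL-ACP-FERNANDA-OLT \
    src-address=192.168.0.15
add action=accept chain=prerouting comment="## Regra para Teste GenieACS" \
    dst-address=10.0.24.136 src-address=192.168.0.13
add action=accept chain=prerouting comment="## Liberacao - UNIFI - OUTROS" \
    dst-address=192.168.0.24 src-address-list=AL-ALLOW-71-unifi
add action=accept chain=prerouting comment="## Regra de saida da VLAN 70" \
    src-address=192.168.70.0/24
add action=accept chain=prerouting comment=\
    "## Regra de liberacao da Vlan 70 para host da vlan 69" dst-address=\
    192.168.70.0/24 src-address-list=Allow_sede
add action=drop chain=prerouting comment=\
    "## Regra de bloqueio da vlan 69 para outras redes" dst-address-list=\
    AL_SEDE-DROP src-address=192.168.0.0/24
add action=drop chain=prerouting comment=\
    "## Regra de bloqueio da vlan 71 para outras redes" disabled=yes \
    dst-address-list=AL_CELULARES-DROP src-address=192.168.100.0/24
add action=drop chain=prerouting comment=\
    "## Regra de bloqueio da vlan 72 para outras redes" dst-address=\
    !192.168.0.24 dst-address-list=AL_CELULARES-DROP src-address=\
    192.168.72.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add check-gateway=ping comment="## Default Route - B2" disabled=no distance=\
    20 dst-address=0.0.0.0/0 gateway=172.31.32.21 pref-src="" routing-table=\
    main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=arp comment="## Default Route - B1" disabled=no distance=\
    100 dst-address=0.0.0.0/0 gateway=172.31.31.21 routing-table=main scope=\
    30 suppress-hw-offload=no target-scope=10
add comment="## GERENCIA 053-RADIOS" disabled=yes distance=1 dst-address=\
    192.168.10.0/24 gateway=10.0.24.33 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Gerencia vlan 25" disabled=no distance=1 dst-address=\
    10.25.0.0/18 gateway=10.0.24.35 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="## Gerencia contratos bloqueados B2" disabled=no distance=1 \
    dst-address=172.20.8.0/22 gateway=10.0.24.8 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="## Gerencia contratos bloqueados B1" disabled=no distance=1 \
    dst-address=172.20.0.0/22 gateway=10.0.24.9 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
/ipv6 route
add check-gateway=ping comment="## Default Route - VS01" disabled=no \
    distance=20 dst-address=::/0 gateway=2804:47e4:0:1::15 routing-table=main \
    scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="## Default Route - VS02" disabled=no \
    distance=100 dst-address=::/0 gateway=2804:47e4:8000:1::15 routing-table=\
    main scope=30 suppress-hw-offload=no target-scope=10
add blackhole comment=BLACKHOLE disabled=no distance=255 dst-address=\
    2804:47e4:8c0::/48 gateway="" routing-table=main scope=30 \
    suppress-hw-offload=no
# REVIEW: unused services are disabled and WinBox/SSH run on non-default
# ports, but the allowed sources are very wide: all of 10.0.0.0/8 and
# 192.168.0.0/16 (which include the IoT and hotspot VLANs), the public
# 45.228.244.0/22 and the whole 2804:47e4::/32. Narrow both to the management
# subnets actually used by administrators (and the VPN pool).
/ip service
set ftp disabled=yes
set telnet disabled=yes
set www disabled=yes
set winbox address=10.0.0.0/8,45.228.244.0/22,2804:47e4::/32,192.168.0.0/16 \
    port=8292
set api disabled=yes
set api-ssl disabled=yes
set ssh address=2804:47e4:8c0::/48,10.1.24.0/24,192.168.0.0/16 port=9022
/ip upnp
set show-dummy-rule=no
/ipv6 address
add address=2804:47e4:0:1::16/126 advertise=no comment=Enlace-VS01 interface=\
    vlanif_199
add address=::1 from-pool=v6_pool_LAN interface=vlanif_69
add address=::1 from-pool=v6_pool_LAN_NOC interface=vlanif_70
add address=::1 from-pool=v6_pool_013_iot interface=vlanif_13
add address=2804:47e4:8000:1::16/126 advertise=no comment=Enlace-VS02 \
    interface=vlanif_299
add address=fe80::4a8f:5aff:fe7a:1c7e advertise=no interface=vlanif_71
# REVIEW: the bad_ipv6 and RFC-IPv6 lists are defined here but no filter rule
# below references them, so they currently have no effect.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=2804:47e4:8c0::/48 list=SEDE-2804-47e4-8c0/48
add address=2804:47e4::/32 list=FIX-2804-47e4/32
add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=Servicos_sede
add address=2804:47e4:8c0:3000::17/128 comment=NC-IPv6 list=Servicos_sede
add address=fc00::/7 list=RFC-IPv6
add address=fe80::/64 list=RFC-IPv6
add address=ff00::/8 list=RFC-IPv6
add address=2001::/23 list=bad_ipv6
add address=2804:47e4:8c0:3000::22/128 comment=OCS-INVETORY list=\
    Servicos_sede
add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=Servicos_sede
add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=DVR
add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=DVR
# REVIEW: the IPv6 filter is allow-only in practice.
#   - input: three accept rules and no final drop, so everything else addressed
#     to the router is accepted by default.
#   - forward: the only drop rule is disabled, so the accept rules above it are
#     moot and every globally addressed host in VLANs 13/69/70 is reachable
#     from the Internet on any port. IPv6 has no NAT to hide them.
# Add a final input drop and enable the forward drop once the accept rules have
# been verified (Safe Mode recommended). The DVR rule additionally publishes
# TCP/37777 on two recorders to any source.
/ipv6 firewall filter
add action=accept chain=input comment="Permit - ICPMv6" protocol=icmpv6
add action=accept chain=input comment="Permit - input - estab, related" \
    connection-state=established,related
add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \
    protocol=tcp src-address-list=FIX-2804-47e4/32
add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="Permit - foward - estab, related" \
    connection-state=established,related
add action=accept chain=forward comment="Permit - Upload" src-address-list=\
    SEDE-2804-47e4-8c0/48
add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\
    Servicos_sede dst-port=80,443 protocol=tcp
add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\
    DVR dst-port=37777 protocol=tcp
add action=drop chain=forward disabled=yes
/ipv6 nd
set [ find default=yes ] managed-address-configuration=yes \
    other-configuration=yes
add dns=2804:47e4:8c0:3000::6 interface=vlanif_70 \
    managed-address-configuration=yes other-configuration=yes ra-preference=\
    high
add interface=vlanif_13 managed-address-configuration=yes \
    other-configuration=yes
add dns=2804:47e4:8c0:3000::6 interface=vlanif_69 \
    managed-address-configuration=yes other-configuration=yes ra-preference=\
    high
add advertise-dns=no interface=vlanif_199 managed-address-configuration=yes \
    ra-preference=low
add interface=vlanif_71 managed-address-configuration=yes \
    other-configuration=yes ra-preference=high
/mpls settings
set allow-fast-path=no propagate-ttl=no
# REVIEW: passwords are not shown because the export hides them. Account
# hygiene issues visible here: telicfix and otaviofix share remote-address
# 192.168.70.12; mariana.batista reuses 192.168.70.14 from the disabled
# "guilherme"; "ppp1" and "telicfix2" are not attributable to a person. Shared
# addresses make VPN sessions indistinguishable in logs. Give each account a
# unique address and remove disabled or generic accounts.
/ppp secret
add name=andrefix profile=L2TP_NOC remote-address=192.168.70.10 service=l2tp
add name=daniel.sato profile=L2TP_NOC remote-address=192.168.70.11 service=\
    l2tp
add name=telicfix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp
add name=telicfix2 profile=L2TP_NOC remote-address=192.168.70.13 service=l2tp
add name=diego profile=L2TP service=l2tp
add disabled=yes name=diego2 profile=L2TP service=l2tp
add disabled=yes name=guilherme profile=L2TP_NOC remote-address=192.168.70.14 \
    service=l2tp
add name=otaviofix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp
add name=mariana.batista profile=L2TP_NOC remote-address=192.168.70.14 \
    service=l2tp
add name=ppp1 profile=L2TP_NOC remote-address=192.168.70.15 routes=\
    192.168.70.2 service=l2tp
# REVIEW: this RADIUS server authenticates router logins (service=login,
# "/user aaa use-radius=yes" at the end of the file). require-message-auth=no
# turns off the Message-Authenticator check that protects RADIUS replies
# against forgery on the path; enable it once the server at 10.1.24.138 sends
# the attribute. timeout=300ms is short; confirm that a timeout does not
# routinely push logins onto local accounts.
/radius
add address=10.1.24.138 comment="Radius - 10.1.24.138" require-message-auth=\
    no service=login src-address=10.1.24.23 timeout=300ms
# REVIEW: accept=yes makes the router listen for RADIUS CoA/Disconnect
# requests. With no input filter this listener is reachable on every address;
# turn it off if unused or allow it only from 10.1.24.138.
/radius incoming
set accept=yes
/snmp
set contact="FIX FIBRA" enabled=yes location="\"Av. Nossa Sra. dos Navegantes,\
    \_1222 - Eldorado, Diadema - SP, 09972-260\"" src-address=10.0.24.23 \
    trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=SEDE-4011
/system note
set show-at-login=no
/system ntp client
set enabled=yes
# REVIEW (fixed): the fourth server was exported as 2894:47e4:8002::124. Every
# other reference to this host in the file ("/ip dns" servers) uses the
# 2804:47e4::/32 prefix, so the address was a typo and that server could never
# be reached. Corrected to 2804:47e4:8002::124.
/system ntp client servers
add address=45.228.244.121
add address=45.228.246.122
add address=2804:47e4:1::120
add address=2804:47e4:8002::124
# REVIEW: one-shot reboot whose start date (2025-03-13) is before the export
# date and which has no interval. It looks like a leftover from an upgrade;
# remove it so a clock error cannot trigger an unexpected reboot.
/system scheduler
add name="Reboot=UPD" on-event="/system reboot" policy=reboot start-date=\
    2025-03-13 start-time=22:45:00
# REVIEW: backupSFTP needs attention before anything else in this file.
#   - The SFTP password is stored in plaintext in the script source and is now
#     part of every export. Rotate it, and make the "backups" account on
#     10.1.24.137 upload-only and confined to its directory.
#   - host, user and password are declared with :global, so they stay readable
#     in the router's environment after the script ends; :local is enough
#     because nothing outside the script is shown to use them.
#   - "/system backup save" is called without password=, so the binary backup
#     is presumably unencrypted (confirm against the RouterOS version in use);
#     the .rsc export is plaintext by nature. Both carry the full configuration.
#     Set password= and encryption= on the backup and protect the export at
#     rest on the server.
#   - The policy list grants far more than the script uses (reboot, sniff,
#     romon, ...). Reduce it to what file creation and upload require.
#   - "Backup enviado com sucesso" is logged without checking the result of
#     either fetch, and the local files are then removed, so a failed upload
#     is reported as success and leaves no copy. Check the fetch result before
#     logging success and deleting.
/system script
add dont-require-permissions=no name=backupSFTP owner=danielfix policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    log warning \"***************************************\"\
    \n#Conexao SFTP\
    \n:global host 10.1.24.137\
    \n:global usuario backups\
    \n:global senha backups@fixfibra2@\
    \n:global diretorio /SFTP/backups/mikrotik/router/RB-SEDE\
    \n\
    \n#Pega o nome do Router\
    \n:global identifica [/system identity get name]\
    \n\
    \n#Gera data no formato AAAA-MM-DD\
    \n:global data [/system clock get date]\
    \n:global ano [:pick \$data 0 4]\
    \n:global mes [:pick \$data 5 7]\
    \n:global dia [:pick \$data 8 10]\
    \n\
    \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\
    \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\
    \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\
    \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\
    \n:log info \"Processando...\";\
    \n:delay 5s\
    \n\
    \n:log info \"Conectando SFTP Server...\";\
    \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\
    \";\
    \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\
    kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\
    tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\
    \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\
    \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\
    \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \
    dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\
    \n:delay 1\
    \n\
    \n:log info \"Backup enviado com sucesso...\";\
    \n:log info \"Removendo arquivos...\";\
    \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\
    \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\
    \n:log info \"Rotina de backup finalizada...\";\
    \n:log warning \"***************************************\";\
    \n\
    \n"
/system watchdog
set watchdog-timer=no
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# REVIEW: both scripts act on a route whose comment is "ROTA-DEFAULT-NAT01".
# No route in this export carries that comment (the default routes are
# commented "## Default Route - B1/B2"), so [find] matches nothing and the
# probe only writes log lines. Failover currently depends on check-gateway
# alone; either point the scripts at the real route comment or remove the
# netwatch entry.
/tool netwatch
add disabled=no down-script="/log info message=\"Deviando upload para rota de \
    backup\"\r\
    \n/ip route/disable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\
    \n" host=192.33.4.12 http-codes="" interval=1m test-script="" type=icmp \
    up-script="/log info message=\"Deviando upload para rota princiapl\"\r\
    \n/ip route/enable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\
    \n"
# REVIEW: RoMON is enabled and the export shows no port restriction, so it is
# presumably active on all interfaces. It gives layer-2 management access to
# the router independent of the IP firewall. If it is needed, set secrets= and
# limit it under "/tool romon port" to the management VLAN; otherwise disable
# it.
/tool romon
set enabled=yes
/user aaa
set use-radius=yes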